ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 51 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 51
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company's AWS CloudTrail logs are all centrally stored in an Amazon S3 bucket. The security team controls the company's AWS account. The security team must prevent unauthorized access and tampering of the CloudTrail logs.
Which combination of steps should the security team take? (Choose three.)

  • A. Configure server-side encryption with AWS KMS managed encryption keys (SSE-KMS).
  • B. Compress log files with secure gzip.
  • C. Create an Amazon EventBridge rule to notify the security team of any modifications on CloudTrail log files.
  • D. Implement least privilege access to the S3 bucket by configuring a bucket policy.
  • E. Configure CloudTrail log file integrity validation.
  • F. Configure Access Analyzer for S3.
Show Suggested Answer Hide Answer
Suggested Answer: ADE 🗳️
by ahrentom at Oct. 26, 2023, 7:58 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ahrentom
Highly Voted 1 year, 3 months ago
Selected Answer: ADE
ADE https://docs.aws.amazon.com/awscloudtrail/latest/userguide/best-practices-security.html
upvoted 5 times
...
d3717d5
Most Recent 1 month, 3 weeks ago
Selected Answer: ADE
ADE, not F - because Access Analyzer is monitoring , will not prevent unauthorized access.
upvoted 1 times
...
youonebe
7 months ago
Selected Answer: ADE
Option B (compression) doesn't provide security benefits Option C is reactive rather than preventive Option F is a monitoring tool but doesn't directly prevent unauthorized access or tampering
upvoted 1 times
...
Zek
8 months, 3 weeks ago
ADE. Agreed
upvoted 1 times
...
Raphaello
11 months, 3 weeks ago
Selected Answer: ADE
ADE We agree.
upvoted 1 times
...
Aamee
1 year, 2 months ago
Selected Answer: ADE
Here's what it describes about the usage of log file integration and the SSE-KMS usecase scenario: "If you use SSE-KMS and log file validation, and you have modified your Amazon S3 bucket policy to only allow SSE-KMS encrypted files, you will not be able to create trails that utilize that bucket unless you modify your bucket policy to specifically allow AES256 encryption, as shown in the following example policy line. "StringNotEquals": { "s3:x-amz-server-side-encryption": ["aws:kms", "AES256"] } "
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel